freebsd-nq/sys/netinet
Christian S.J. Peron d316f2cf4f Modify ip fw so that whenever UID or GID constraints exist in a
ruleset, the pcb is looked up once per ipfw_chk() activation.

This is done by extracting the required information out of the PCB
and caching it to the ipfw_chk() stack. This should greatly reduce
PCB looking contention and speed up the processing of UID/GID based
firewall rules (especially with large UID/GID rulesets).

Some very basic benchmarks were taken which compares the number
of in_pcblookup_hash(9) activations to the number of firewall
rules containing UID/GID based contraints before and after this patch.

The results can be viewed here:
o http://people.freebsd.org/~csjp/ip_fw_pcb.png

Reviewed by:	andre, luigi, rwatson
Approved by:	bmilekic (mentor)
2004-06-11 22:17:14 +00:00
..
libalias Unbreak natd. 2004-04-02 17:57:57 +00:00
accf_data.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
accf_http.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
icmp6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
icmp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
if_atm.c replace explicit changes to rt_refcnt by RT_ADDREF and RT_REMREF 2003-11-08 23:36:32 +00:00
if_atm.h
if_ether.c Another small set of changes to reduce diffs with the new arp code. 2004-04-25 15:00:17 +00:00
if_ether.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
igmp.c Lock down parallel router_info list for tracking multicast IGMP 2004-06-11 03:42:37 +00:00
igmp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_cksum.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_gif.c In an effort to simplify the routing code, try to deprecate rtalloc() 2004-04-14 01:13:14 +00:00
in_gif.h - fix typo in comment. 2003-10-07 17:46:18 +00:00
in_pcb.c When checking for possible port theft, skip over a TCP inpcb 2004-05-20 06:35:02 +00:00
in_pcb.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_proto.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_rmx.c Introduce tcp_hostcache and remove the tcp specific metrics from 2003-11-20 20:07:39 +00:00
in_systm.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
in.h Introduce a new feature to IPFW2: lookup tables. These are useful 2004-06-09 20:10:38 +00:00
ip6.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_divert.c Remove unneeded Giant acquisition in divert_packet(), which is 2004-06-11 04:06:51 +00:00
ip_divert.h Re-remove MT_TAGs. The problems with dummynet have been fixed now. 2004-02-25 19:55:29 +00:00
ip_dummynet.c Add some missing DUMMYNET_UNLOCK() in config_pipe(). 2004-03-03 01:33:22 +00:00
ip_dummynet.h Re-remove MT_TAGs. The problems with dummynet have been fixed now. 2004-02-25 19:55:29 +00:00
ip_ecn.c add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_ecn.h add ECN support in layer-3. 2003-10-29 15:07:04 +00:00
ip_encap.c Lock down IP-layer encapsulation library: 2004-03-10 02:48:50 +00:00
ip_encap.h
ip_fastfwd.c Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip_fw2.c Modify ip fw so that whenever UID or GID constraints exist in a 2004-06-11 22:17:14 +00:00
ip_fw.h Introduce a new feature to IPFW2: lookup tables. These are useful 2004-06-09 20:10:38 +00:00
ip_gre.c Lock down global variables in if_gre: 2004-03-22 16:04:43 +00:00
ip_gre.h de-__P(). 2002-10-16 22:27:27 +00:00
ip_icmp.c do not send icmp response if the original packet is encrypted. 2004-06-07 09:56:59 +00:00
ip_icmp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_id.c Tweak existing header and other build infrastructure to be able to build 2004-02-26 03:53:54 +00:00
ip_input.c Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip_mroute.c add missing #include <sys/module.h> 2004-05-30 20:27:19 +00:00
ip_mroute.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ip_output.c o Calculate a number of bytes to copy (cnt) correctly: 2004-05-11 19:14:44 +00:00
ip_var.h Provide the sysctl net.inet.ip.process_options to control the processing 2004-05-06 18:46:03 +00:00
ip.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
ipprotosw.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
pim_var.h New PIM header files. 2003-08-07 18:17:43 +00:00
pim.h Include <sys/types.h> for autoconf/automake detection. 2004-03-08 07:45:32 +00:00
raw_ip.c Introduce a new feature to IPFW2: lookup tables. These are useful 2004-06-09 20:10:38 +00:00
tcp_debug.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_debug.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_fsm.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_hostcache.c Fix a potential race when purging expired hostcache entries. 2004-04-23 13:54:28 +00:00
tcp_input.c Rename m_claim_next_hop() to m_claim_next(), as suggested by Max Laier. 2004-05-02 15:10:17 +00:00
tcp_output.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_reass.c Rename m_claim_next_hop() to m_claim_next(), as suggested by Max Laier. 2004-05-02 15:10:17 +00:00
tcp_seq.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_subr.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_syncache.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_timer.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_timer.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_timewait.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
tcp_usrreq.c Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcp_var.h Tighten up reset handling in order to make reset attacks as difficult as 2004-04-26 02:56:31 +00:00
tcp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
tcpip.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
udp_usrreq.c Switch to using the inpcb MAC label instead of socket MAC label when 2004-05-04 02:11:47 +00:00
udp_var.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00
udp.h Remove advertising clause from University of California Regent's 2004-04-07 20:46:16 +00:00